2021-10-19 04:37:24 |
Bryce Harrington |
description |
Scheduled-For: 23.01
Upstream: tbd
Debian: 2.5.2-4
Ubuntu: 2.4.1-2ubuntu4
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
sssd (2.5.2-4) unstable; urgency=medium
* control: Promote libnss-sss and libpam-sss to sssd-common Depends.
(Closes: #995730)
* common: Drop old Breaks/Replaces.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300
sssd (2.5.2-3) unstable; urgency=medium
* rules: Explicitly set sssd-user as root.
* install: Add sssd-pcsc.rules to -common.
* postinst: Correct file/dir permissions and ownership when the daemon
is run as root. (Closes: #994807)
* 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our
libldap is built without LDAP_CONNECTIONLESS, cope with that.
(Closes: #994879)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300
sssd (2.5.2-2) unstable; urgency=medium
* rules: Disable tests for now. (Closes: #994479)
-- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300
sssd (2.5.2-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* d/apparmor-profile: Update profile:
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec/sssd/*.
[ Timo Aaltonen ]
* New upstream release. (Closes: #978904, #992815, #983795)
* fix-whitespace-test.diff: Refreshed.
* control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
* fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.
* patches: Fix CVE-2021-3621. (Closes: #992710)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
sssd (2.4.1-2) unstable; urgency=medium
[ Marco Trevisan (Treviño) ]
* debian/control: Mark test packages as <!nocheck>
- Add missing test dependencies
- Enable libcmocka (and so unit tests) all the archs
* debian/rules:
- Don't run tests if nocheck is set
- Enable tests again
* debian/patches:
- Get libsofthsm2 from right path for each architecture
[ Timo Aaltonen ]
* test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch:
Dropped, upstream.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200
sssd (2.4.1-1) unstable; urgency=medium
* New upstream release.
* libpam-sss.install: Add pam_sss_gss.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
sssd (2.4.0-1) unstable; urgency=medium
* New upstream release.
* source: Update diff-ignore.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200
sssd (2.3.1-3) unstable; urgency=medium
* control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300
sssd (2.3.1-2) unstable; urgency=medium
* control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300
sssd (2.3.1-1) unstable; urgency=medium
* New upstream release. (Closes: #965307, #965143)
* source: Extend diff-ignore.
* rules: Set --with-libwbclient.
* control: Add libsofthsm2 to build-depends for tests.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300
sssd (2.3.0-2) unstable; urgency=medium
* rules: Drop quilt, autoreconf from dh.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300
### Old Ubuntu Delta ###
sssd (2.4.1-2ubuntu4) impish; urgency=medium
* Fix FTBFS with newer autoconf
- debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
and PYTHON_EXEC_PREFIX in src/external/python.m4.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400
sssd (2.4.1-2ubuntu3) impish; urgency=medium
* SECURITY UPDATE: shell command injection in sssctl comment
- debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
avoid execution of user supplied command in
src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
- CVE-2021-3621
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400
sssd (2.4.1-2ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400
sssd (2.4.1-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/sssd/*.
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
* Dropped changes:
- d/p/condition-path-exists-sssd-conf.patch: Only start
sssd.service if there is a configuration file present.
(LP: #1900642)
[ Included in 2.4.1-2 ]
- d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
Upstream patch to make sssd.service only able to start when there
is a configuration file present. (LP #1900642)
- d/p/condition-path-exists-sssd-conf.patch: Remove.
[ Included in 2.4.1-2 ]
- Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
+ d/p/lp-1908065-01-syslog_identifier-format.patch:
Upstream patch to include 'sssd[]' identifier in program names.
+ d/p/lp-1908065-02-remove-syslog_identifier.patch:
Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
[ Included in 2.4.1-2 ]
* Added changes:
- d/p/fix-python-tests.patch: Fix Python tests by making them
assert Python module paths by using full pathnames.
- d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
which is failing when running inside sbuild.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400
|
Upstream: tbd
Debian: 2.5.2-4
Ubuntu: 2.4.1-2ubuntu4
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
sssd (2.5.2-4) unstable; urgency=medium
* control: Promote libnss-sss and libpam-sss to sssd-common Depends.
(Closes: #995730)
* common: Drop old Breaks/Replaces.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 11 Oct 2021 17:46:04 +0300
sssd (2.5.2-3) unstable; urgency=medium
* rules: Explicitly set sssd-user as root.
* install: Add sssd-pcsc.rules to -common.
* postinst: Correct file/dir permissions and ownership when the daemon
is run as root. (Closes: #994807)
* 0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch: Our
libldap is built without LDAP_CONNECTIONLESS, cope with that.
(Closes: #994879)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Sep 2021 18:54:07 +0300
sssd (2.5.2-2) unstable; urgency=medium
* rules: Disable tests for now. (Closes: #994479)
-- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Sep 2021 17:38:19 +0300
sssd (2.5.2-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* d/apparmor-profile: Update profile:
- Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
- Add read/execute permission to /usr/libexec/sssd/*.
[ Timo Aaltonen ]
* New upstream release. (Closes: #978904, #992815, #983795)
* fix-whitespace-test.diff: Refreshed.
* control, rules: Drop libwbclient-sssd-*, support for it was dropped upstream.
* fix_newer_autoconf.patch: Don't unset python prefix/exec-prefix.
* patches: Fix CVE-2021-3621. (Closes: #992710)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
sssd (2.4.1-2) unstable; urgency=medium
[ Marco Trevisan (Treviño) ]
* debian/control: Mark test packages as <!nocheck>
- Add missing test dependencies
- Enable libcmocka (and so unit tests) all the archs
* debian/rules:
- Don't run tests if nocheck is set
- Enable tests again
* debian/patches:
- Get libsofthsm2 from right path for each architecture
[ Timo Aaltonen ]
* test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch:
Dropped, upstream.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 13:49:04 +0200
sssd (2.4.1-1) unstable; urgency=medium
* New upstream release.
* libpam-sss.install: Add pam_sss_gss.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
sssd (2.4.0-1) unstable; urgency=medium
* New upstream release.
* source: Update diff-ignore.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 08 Dec 2020 22:36:54 +0200
sssd (2.3.1-3) unstable; urgency=medium
* control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 06 Oct 2020 15:56:19 +0300
sssd (2.3.1-2) unstable; urgency=medium
* control: Add sssd-dbus to sssd-tools Recommends. (LP: #1895645)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 17 Sep 2020 14:15:03 +0300
sssd (2.3.1-1) unstable; urgency=medium
* New upstream release. (Closes: #965307, #965143)
* source: Extend diff-ignore.
* rules: Set --with-libwbclient.
* control: Add libsofthsm2 to build-depends for tests.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 28 Jul 2020 17:14:55 +0300
sssd (2.3.0-2) unstable; urgency=medium
* rules: Drop quilt, autoreconf from dh.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 13 Jul 2020 15:49:20 +0300
### Old Ubuntu Delta ###
sssd (2.4.1-2ubuntu4) impish; urgency=medium
* Fix FTBFS with newer autoconf
- debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
and PYTHON_EXEC_PREFIX in src/external/python.m4.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400
sssd (2.4.1-2ubuntu3) impish; urgency=medium
* SECURITY UPDATE: shell command injection in sssctl comment
- debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
avoid execution of user supplied command in
src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
- CVE-2021-3621
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400
sssd (2.4.1-2ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400
sssd (2.4.1-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/apparmor-profile: Update profile. (LP #1910611)
+ Extend read permissions to /etc/sssd/** and /etc/gss/**.
+ Add read/execute permission to /usr/libexec/sssd/*.
- Disable lto, not ready upstream.
- d/control: Drop libgdm-dev Build-Depend on i386.
* Dropped changes:
- d/p/condition-path-exists-sssd-conf.patch: Only start
sssd.service if there is a configuration file present.
(LP: #1900642)
[ Included in 2.4.1-2 ]
- d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
Upstream patch to make sssd.service only able to start when there
is a configuration file present. (LP #1900642)
- d/p/condition-path-exists-sssd-conf.patch: Remove.
[ Included in 2.4.1-2 ]
- Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
+ d/p/lp-1908065-01-syslog_identifier-format.patch:
Upstream patch to include 'sssd[]' identifier in program names.
+ d/p/lp-1908065-02-remove-syslog_identifier.patch:
Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
[ Included in 2.4.1-2 ]
* Added changes:
- d/p/fix-python-tests.patch: Fix Python tests by making them
assert Python module paths by using full pathnames.
- d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
which is failing when running inside sbuild.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400 |
|